Thomas Skora, a German security researcher, managed to get an app into Google Play that could read contactless credit card data. The app, whose goal was to test the security flaw, has already been removed. Skora’s app was able to get details from German PayPass Mastercard and GeldKarte cards.
The app was able to read the card number, issue and expiry dates, and bank code, though Google quickly removed it from the Play Store after the news about it spread.
According to Skora, changing the app to get data from other banks and cards is very easy, which should really get us thinking about how secure the environment is. The app requires nothing more than an NFC-equipped smartphone.
The security researcher has also released the app’s source code, so that everyone can see the vulnerabilities. While that is not a very good idea, considering that not only those with good intentions will get their hands on the code, it should make it easier for the Smart Card Alliance to fix this vulnerability.
The Smart Card Alliance’s website states that the payment system is able to mitigate fraudulent transactions, though no fraud attempt has been encountered yet.
Hopefully we will get better news soon, as this technology is becoming a trend, especially because it’s embedded in most of today’s smartphones.
This post has been updated in order to correct some misunderstandings. Thanks to those who sent the clarifications. I’m very sorry for the mistake.